Important: Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

SSL Handshake failed with rest API



  • Hello everyone,
    Since last Thursday, I'm encontering an SSL Handskae failed when I'm consuming my API.
    I'm not using any SSL certificate with then NetworkAccessManager object. Below my source code

    QEventLoop eventLoop;
      QNetworkAccessManager networkManager;
    	if (!m_networkProxy.hostName().isEmpty())
    		networkManager.setProxy(m_networkProxy);
    
    	qDebug() << QString("%1/getUserToken?username=%2").arg(m_sServerURL, m_strSerialLic); //TheriaqueSuivi/
    
    	QObject::connect(&networkManager, SIGNAL(finished(QNetworkReply*)), &eventLoop, SLOT(quit()));
        QNetworkRequest networkRequest( QUrl( QString("%1/getUserToken?username=%2").arg(m_sServerURL, m_strSerialLic) ) );
    	
        QNetworkReply *networkReply = networkManager.get(networkRequest);
        eventLoop.exec();
     
    	QString strResponse = (QString)networkReply->readAll();
    
        QJsonDocument jsonResponse = QJsonDocument::fromJson(strResponse.toUtf8());
        QJsonValue valErrorCode = jsonResponse.object().value(ERROR_CODE);
        QJsonValue valResult = jsonResponse.object().value(RES_MSG);
    
        if ((networkReply->error() != QNetworkReply::NoError) || (valErrorCode.toInt() != 1000))
            qDebug() << networkReply->errorString() << valResult.toString() << networkReply->error();
            
            emit networkError( networkReply->error() );
    
    		delete networkReply;
        }
    

    I've seen this issue but despite adding the below source, the error is still here.

    	QString pemCert = QApplication::applicationDirPath() + "/"+"isrgrootx1.pem";
    
    #if QT_VERSION >= QT_VERSION_CHECK(5, 15, 0)
    	QSslConfiguration::defaultConfiguration().addCaCertificates(pemCert);
    #else
        QSslSocket::addDefaultCaCertificates(pemCert);
    #endif
    
    	QSslConfiguration SslConfiguration(QSslConfiguration::defaultConfiguration());
    
    	QList<QSslCertificate> caList = SslConfiguration.caCertificates();
    
    	caList.append(QSslCertificate::fromPath(pemCert.toLocal8Bit())); //Root CA
    
    	SslConfiguration.setCaCertificates(caList);
    
    	SslConfiguration.setLocalCertificate(QSslCertificate(pemCert.toLocal8Bit()));
    
    	SslConfiguration.setProtocol(QSsl::SslV3);
    
    	SslConfiguration.setPeerVerifyMode(QSslSocket::VerifyPeer);
    
    	networkRequest.setSslConfiguration(SslConfiguration); 
    

    Can anyone tell me what I'm wrong and what to do to fix the problem because it impacts my clients.
    Regards


  • Lifetime Qt Champion

    Hi,

    Any chances that your API uses a Let's Encrypt certificate ?



  • Hello
    As you can see, I'm not using any certificate to consume the API. In server side, we use a LetsEncryt certficate to use HTTPS protocol. The certificate is up to date after the LetsEncrypt update on 30/09/21.

    Adding a certificate on the client side doesn't resolve the problem. For test, we have tried to consume the API from a Java client and it works fine. So, the problem is from the application.


  • Lifetime Qt Champion

    I am wondering whether you are having the same issue discussed here.



  • Hello,

    Thanks for the link. It helped me.
    But, in my case, I've used the solution given here and the problem was fixed.

    Regards.


Log in to reply